path: root/.github/workflows/vyos-rolling-nightly-build.yml
blob: 9d56dec15b026350e918511aa8a351bb1aaf5d1f (plain)
# Nightly rolling ISO build: runs once a day and can also be started by hand.
name: VyOS rolling nightly build

on:
  # Daily at 00:00; GitHub evaluates cron schedules in UTC.
  schedule:
    - cron: '0 0 * * *'

  # Manual trigger; no inputs are declared.
  workflow_dispatch:

jobs:
  build-iso:
    # Job-scoped token permissions. `contents: write` is the only scope
    # granted; scopes not listed here are set to `none` for this job's
    # GITHUB_TOKEN. The commit, tag and release steps below need the write
    # access, and every other step in the job (third-party actions included)
    # runs alongside that same write-capable token.
    permissions:
      contents: write
    runs-on: ubuntu-latest
    steps:

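      - name: Set VyOS version
        id: set_vyos_version
        # Builds the version string from the UTC clock and exports it to every
        # later step through the GITHUB_ENV file. The same string is used below
        # as the commit message, the tag and part of each artifact file name.
        run: |
          build_stamp="$(date -u +%Y%m%d%H%M)"
          # The redirect target is quoted so the write cannot turn into an
          # "ambiguous redirect" if the path ever contains whitespace.
          echo "VYOS_VERSION=1.4-rolling-${build_stamp}" >> "$GITHUB_ENV"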

      # Checks out this repository into $GITHUB_WORKSPACE. With default inputs
      # the action keeps the job token in the local git config
      # (persist-credentials defaults to true). The auto-commit step below
      # presumably relies on that to push; it also means later steps in the
      # job can read the token from the checkout.
      - uses: 'actions/checkout@v3'

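      - name: Update latest_build.txt
        # Writes the build timestamp into latest_build.txt, which the next step
        # commits. The timestamp is taken from VYOS_VERSION instead of calling
        # `date` a second time, so the committed file and the tag cannot
        # disagree when the job crosses a minute boundary between the steps.
        run: |
          # `##*-` drops everything up to the last dash, leaving the
          # YYYYmmddHHMM suffix of "1.4-rolling-<timestamp>".
          echo "${VYOS_VERSION##*-}" > "$GITHUB_WORKSPACE/latest_build.txt"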

      # Commits whatever changed in the checkout (at this point,
      # latest_build.txt) and, going by the step name and the tagging_message
      # input, tags that commit with the version string. This runs before the
      # build, so a failed build still leaves the commit and tag behind.
      # NOTE(review): third-party action referenced by a movable tag while the
      # job token carries `contents: write`. Pinning `uses:` to a full commit
      # SHA (`@<full-commit-sha>  # v4`) fixes which code runs here.
      - name: Create autocommit and tag
        uses: stefanzweifel/git-auto-commit-action@v4
        with:
          commit_message: "${{ env.VYOS_VERSION }}"
          tagging_message: "${{ env.VYOS_VERSION }}"

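      - name: Git clone vyos-build
        # Fetches the tip of the `current` branch, so the build scripts that
        # run in the next step are whatever upstream holds at build time.
        # The resolved commit is printed so each nightly ISO can be traced
        # back to the exact vyos-build revision that produced it.
        run: |
          git clone --branch current --single-branch https://github.com/vyos/vyos-build
          git -C vyos-build rev-parse HEAD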

      # Runs the cloned build script inside the vyos/vyos-build container; the
      # next step picks the image up from ./vyos-build/build/.
      # The folded scalar below joins its lines with single spaces, so the
      # shell still receives one command line.
      # NOTE(review): three trust points worth recording here:
      #  - `--privileged` lifts the container's isolation from the runner host,
      #    so the image and the cloned scripts are trusted as much as the
      #    runner itself;
      #  - `vyos/vyos-build:current` is a movable tag; referencing the image
      #    by digest (`vyos/vyos-build@sha256:<digest>`) would make the build
      #    environment reproducible and auditable;
      #  - the Debian mirror is plain HTTP, so package integrity rests on the
      #    package manager's signature checks alone.
      - name: Build ISO
        run: >
          docker run --rm --privileged
          -v ./vyos-build/:/vyos -w /vyos
          vyos/vyos-build:current
          sudo --preserve-env ./build-vyos-image
          --architecture amd64
          --build-by "autobuild@vyos.net"
          --vyos-mirror https://rolling-packages.vyos.net/current/
          --debian-mirror http://deb.debian.org/debian/
          --build-type release
          --version "${VYOS_VERSION}"
          iso
 
      # - name: Debug
      #   run: |
      #     mkdir -p ./vyos-build/build/
      #     echo "TEST" > ./vyos-build/build/live-image-amd64.hybrid.iso

      # Gives the build output its versioned release name in the workspace
      # root; the signing, upload and release steps all refer to this name.
      - name: Copy ISO
        run: |
          built_image=./vyos-build/build/live-image-amd64.hybrid.iso
          cp "$built_image" "./vyos-${VYOS_VERSION}-amd64.iso"

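      - name: Sign ISO (Minisign)
        # Rebuilds the minisign secret key file from repository secrets, signs
        # the ISO, then verifies the fresh signature against the public key
        # checked into this repository. Both minisign invocations use the
        # binary from the checkout (bin/minisign), so the signature is only as
        # trustworthy as that committed binary.
        run: |
          # The key file lives in the runner's temp directory, not in the
          # workspace that later third-party steps read and upload from.
          key_file="${RUNNER_TEMP}/minisign.key"
          # Remove the key file however the step ends.
          trap 'rm -f "$key_file"' EXIT
          # Owner-only permissions for the key file; the subshell keeps the
          # umask change away from the signature file written below.
          (
            umask 077
            printf '%s\n' \
              'untrusted comment: minisign encrypted secret key' \
              "$minisign_key" > "$key_file"
          )
          # The key file's digest is no longer printed: the job log is not a
          # place for fingerprints of secret key material.
          iso="./vyos-${VYOS_VERSION}-amd64.iso"
          # Secrets are quoted so the shell neither word-splits nor
          # glob-expands them before minisign reads them.
          printf '%s\n' "$minisign_password" | "$GITHUB_WORKSPACE/bin/minisign" -s "$key_file" -Sm "$iso"
          "$GITHUB_WORKSPACE/bin/minisign" -Vm "$iso" -x "${iso}.minisig" -p "$GITHUB_WORKSPACE/minisign.pub"
        env:
          minisign_key: ${{ secrets.minisign_key }}
          minisign_password: ${{ secrets.minisign_password }}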

      # Copies the ISO to the S3 bucket named by a repository secret, using
      # the GLACIER storage class.
      # NOTE(review): long-lived AWS access keys are handed to a third-party
      # action referenced by a movable tag. Pinning `uses:` to a full commit
      # SHA (`@<full-commit-sha>  # v1.0.0`) fixes which code receives them;
      # keys limited to writing objects in this one bucket bound the damage if
      # they leak — confirm how the IAM user behind them is scoped.
      - name: Upload ISO to S3 Glacier
        uses: keithweaver/aws-s3-github-action@v1.0.0
        with:
          aws_access_key_id: "${{ secrets.aws_access_key_id }}"
          aws_secret_access_key: "${{ secrets.aws_secret_access_key }}"
          aws_region: 'us-east-1'
          command: 'cp'
          flags: '--storage-class GLACIER'
          source: "./vyos-${{ env.VYOS_VERSION }}-amd64.iso"
          destination: "s3://${{ secrets.aws_s3_bucket }}/vyos-${{ env.VYOS_VERSION }}-amd64.iso"

      # Copies the detached minisign signature next to the ISO in the same
      # bucket, also with the GLACIER storage class.
      # NOTE(review): this step passes the same long-lived AWS keys to the
      # same tag-referenced third-party action as the ISO upload; a full
      # commit SHA in `uses:` (`@<full-commit-sha>  # v1.0.0`) and narrowly
      # scoped keys apply here as well.
      - name: Upload ISO's signature to S3 Glacier
        uses: keithweaver/aws-s3-github-action@v1.0.0
        with:
          aws_access_key_id: "${{ secrets.aws_access_key_id }}"
          aws_secret_access_key: "${{ secrets.aws_secret_access_key }}"
          aws_region: 'us-east-1'
          command: 'cp'
          flags: '--storage-class GLACIER'
          source: "./vyos-${{ env.VYOS_VERSION }}-amd64.iso.minisig"
          destination: "s3://${{ secrets.aws_s3_bucket }}/vyos-${{ env.VYOS_VERSION }}-amd64.iso.minisig"

      # Attaches the ISO to the workflow run as an artifact kept for 30 days.
      # `if-no-files-found: error` fails the step when the ISO is missing
      # instead of passing with nothing uploaded.
      - name: Upload ISO artifact
        uses: actions/upload-artifact@v3
        with:
          if-no-files-found: error
          retention-days: 30
          name: "vyos-${{ env.VYOS_VERSION }}-amd64.iso"
          path: "./vyos-${{ env.VYOS_VERSION }}-amd64.iso"

      # Attaches the detached signature to the workflow run as its own
      # artifact, with the same 30-day retention and the same hard failure
      # when the file is missing.
      - name: Upload ISO's Minisign artifact
        uses: actions/upload-artifact@v3
        with:
          if-no-files-found: error
          retention-days: 30
          name: "vyos-${{ env.VYOS_VERSION }}-amd64.iso.minisig"
          path: "./vyos-${{ env.VYOS_VERSION }}-amd64.iso.minisig"

      # Publishes a release under the version tag with the ISO and its
      # signature attached. `fail_on_unmatched_files: true` turns a missing
      # ISO or signature into a step failure rather than a release without it.
      # NOTE(review): third-party action referenced by a movable major tag in
      # a job whose token has `contents: write`; a full commit SHA in `uses:`
      # (`@<full-commit-sha>  # v1`) fixes which code publishes the release.
      - name: Publish release
        uses: softprops/action-gh-release@v1
        with:
          fail_on_unmatched_files: true
          tag_name: "${{ env.VYOS_VERSION }}"
          files: |
            ./vyos-${{ env.VYOS_VERSION }}-amd64.iso
            ./vyos-${{ env.VYOS_VERSION }}-amd64.iso.minisig

      # Prunes old releases; going by the input names, the 30 newest are kept
      # and the tags of the deleted releases are removed as well.
      # NOTE(review): this step gives a separate secret, CUSTOM_GITHUB_TOKEN,
      # to a third-party action referenced by a movable tag. The token's scope
      # is not visible in this file — confirm it is limited to this repository
      # and to what release deletion needs, and pin `uses:` to a full commit
      # SHA (`@<full-commit-sha>  # v0.2.1`).
      - name: Remove old releases
        uses: dev-drprasad/delete-older-releases@v0.2.1
        env:
          GITHUB_TOKEN: "${{ secrets.CUSTOM_GITHUB_TOKEN }}"
        with:
          delete_tags: true
          keep_latest: 30

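      # Posts to Slack through an incoming webhook when any earlier step in
      # the job has failed.
      # The message links to the failed workflow run. This workflow is only
      # started by `schedule` and `workflow_dispatch`, and those events carry
      # neither a pull_request nor a head_commit, so the previous link
      # expression always rendered empty.
      - name: Send Slack notification on fail
        if: failure()
        id: slack
        uses: slackapi/slack-github-action@v1.24.0
        with:
          payload: |
            {
              "text": "*vyos-rolling-nightly-builds*\nGitHub Action build result: ${{ job.status }}\n${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}"
            }
        env:
          SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }}
          SLACK_WEBHOOK_TYPE: INCOMING_WEBHOOK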